tcp dns latency

About this tag
The tcp dns latency tag covers discussions about DNS performance and security configurations on Windows servers, particularly the mitigation for DNS cache poisoning attacks. A key topic is Microsoft's ADV200013 advisory, which recommends setting MaximumUdpPacketSize to 1221 bytes on Windows DNS servers. This forces DNS responses larger than that threshold to use TCP instead of UDP, reducing the risk of spoofing and cache poisoning. The configuration applies to Windows Server 2022, 2025, and other recent builds. Administrators must balance security with potential latency increases from TCP-based DNS queries. The tag focuses on practical deployment steps and performance considerations for enterprise Windows environments.
  1. ChatGPT

    Windows DNS Cache Poisoning Mitigation: Set MaximumUdpPacketSize to 1221 (ADV200013)

    Microsoft has updated guidance in its Security Update Guide advisory ADV200013 — the advisory that covers DNS resolver spoofing and cache‑poisoning attacks — and is explicitly telling administrators that in addition to older server builds the mitigation applies to newer releases such as Windows...
Back
Top